whiny-mass-assignment 0.1.0

data/Gemfile

@@ -0,0 +1,2 @@
+gem 'rspec'
+gem 'zentest'

data/Gemfile.lock

@@ -0,0 +1,17 @@
+GEM
+  specs:
+    diff-lcs (1.1.2)
+    rspec (2.5.0)
+      rspec-core (~> 2.5.0)
+      rspec-expectations (~> 2.5.0)
+      rspec-mocks (~> 2.5.0)
+    rspec-core (2.5.1)
+    rspec-expectations (2.5.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rspec

data/LICENSE

@@ -0,0 +1,21 @@
+Dual licensed under MIT License and GPL, pick what suits you best.
+
+Copyright (c) 2011 Apps In Your Pants
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Manifest

@@ -0,0 +1,15 @@
+Gemfile
+Gemfile.lock
+LICENSE
+Manifest
+README.md
+Rakefile
+lib/whiny-mass-assignment.rb
+lib/whiny-mass-assignment/configuration.rb
+lib/whiny-mass-assignment/sanitizer.rb
+lib/whiny_mass_assignment.rb
+rails/init.rb
+spec/config_spec.rb
+spec/sanitizer_spec.rb
+spec/spec_helper.rb
+tasks/spec.rake

data/README.md

@@ -0,0 +1,22 @@
+Complain loudly when protected attributes are set through mass assignment.
+
+By default, in rails 3, attempting to assign values to attributes that are protected from mass assignment,
+rails will issue a warning to the logger and then proceed to ignore those values. That might be a sane
+default for many developers but I believe that attempting to assign to protected attributes is an error,
+not a warning and should be treated as such. During development rails should raise an exception so that 
+it's obvious you're doing something you shouldn't. In production it is a security violation and should be
+available in an audit log.
+
+
+## Usage
+
+To enable whiny mass assignment errors simply set `whiny_mass_assignment` to `:raise` in your environment 
+configuration.
+
+	Application.configure do
+		config.whiny_mass_assignment = :raise
+	end
+	
+	
+Other options are `:log` and `:invalidate`. `:log` uses the default rails behavior while `:invalidate` will
+add a generic error message to the model validation errors in addition to the default log. 

data/Rakefile

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'rake'
+require 'echoe'
+
+Echoe.new( 'whiny-mass-assignment', '0.1.0', ) do |p|
+  p.description             = "Complain loudly when protected attributes are set through mass assignment."
+  p.url                     = "https://github.com/appsinyourpants/whiny-mass-assignment"
+  p.author                  = "Paul Alexander"
+  p.email                   = "paul@appsinyourpants.com"
+  p.ignore_pattern          = [ "tmp/*" ]
+  p.development_dependencies = ["rspec"]
+end
+
+
+Dir[ File.join File.dirname(__FILE__), "tasks/*.rake" ].sort.each { |ext| load ext }

data/lib/whiny-mass-assignment.rb

@@ -0,0 +1,19 @@
+module WhinyMassAssignment
+  module Config
+    
+    def self.mode 
+      @mode ||= :raise
+    end
+    
+    def self.mode=(value)
+      @mode = value
+    end
+    
+  end
+end
+
+
+require 'whiny-mass-assignment/sanitizer'
+if defined? Rails
+  require 'whiny-mass-assignment/configuration'
+end

data/lib/whiny-mass-assignment/configuration.rb

@@ -0,0 +1,21 @@
+module WhinyMassAssignment
+  module Application
+
+    def whiny_mass_assignment
+      Config.mode
+    end
+    
+    def whiny_mass_assignment=(value)
+      raise ArgumentError.new("invalid configuration value") unless %w{ log raise invalidate }.index(value.to_s)
+      Config.mode = value
+    end
+    
+  end
+end
+
+
+class Rails::Application
+  extend WhinyMassAssignment::Application
+end
+
+

data/lib/whiny-mass-assignment/sanitizer.rb

@@ -0,0 +1,22 @@
+module WhinyMassAssignment
+  module Sanitizer
+
+    def whine!(attrs)
+      raise "Can't mass-assign protected attributes: #{attrs.join(', ')}"
+    end
+  
+    def warn!(attrs)
+      super if Config.options[:mode] == :log
+      whine! attrs if Config.options[:mode] == :raise
+    end
+  
+  end
+end
+
+class ActiveModel::MassAssignmentSecurity::WhiteList
+  include WhinyMassAssignment::Sanitizer
+end  
+
+class ActiveModel::MassAssignmentSecurity::BlackList
+  include WhinyMassAssignment::Sanitizer
+end

data/lib/whiny_mass_assignment.rb

@@ -0,0 +1 @@
+require 'whiny-mass-assignment'

data/rails/init.rb

@@ -0,0 +1 @@
+require 'whiny-mass-assignment'

data/spec/config_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+require 'rails/all'
+require 'whiny-mass-assignment'
+
+module Whiny
+  class Application < ::Rails::Application
+  end
+end
+
+describe WhinyMassAssignment::Config do
+  
+  it "it should integrate with Application::Configuration" do
+    Whiny::Application.should respond_to(:whiny_mass_assignment)
+  end
+  
+  it "should be :raise by default" do 
+    Whiny::Application.whiny_mass_assignment.should == :raise
+  end
+  
+  describe ".whiny_mass_assignment" do 
+    %w{ raise log invalidate }.each do |setting|
+      it "should accept #{setting} " do
+        Whiny::Application.whiny_mass_assignment = setting
+      end
+    end
+    
+    it "should not accept none" do
+      lambda{ Whiny::Application.whiny_mass_assignment = :none }.should raise_error
+    end
+    
+  end
+  
+end

data/spec/sanitizer_spec.rb

@@ -0,0 +1,24 @@
+require 'active_model'
+require 'spec_helper'
+require 'whiny-mass-assignment'
+
+class List < ActiveModel::MassAssignmentSecurity::WhiteList
+  public :warn!
+end
+
+describe ActiveModel::MassAssignmentSecurity::WhiteList do
+  
+  before do
+    @whitelist = List.new()
+  end
+  
+  it "should respond to whine!" do
+    @whitelist.should respond_to :whine!
+  end
+  
+  describe "when :raise" do
+    it "should raise exception" do
+      lambda{ @whitelist.warn!(["example"]) }.should raise_error
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,5 @@
+require 'rspec'
+
+# in spec/spec_helper.rb
+RSpec.configure do |c|
+end

data/tasks/spec.rake

@@ -0,0 +1,8 @@
+require 'rspec/core/rake_task'
+
+spec_opts = 'spec/spec.opts'
+
+desc 'Run framework specs'
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.pattern     = 'spec/**/*_spec.rb'
+end

data/whiny-mass-assignment.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{whiny-mass-assignment}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Paul Alexander"]
+  s.date = %q{2011-02-22}
+  s.description = %q{Complain loudly when protected attributes are set through mass assignment.}
+  s.email = %q{paul@appsinyourpants.com}
+  s.extra_rdoc_files = ["LICENSE", "README.md", "lib/whiny-mass-assignment.rb", "lib/whiny-mass-assignment/configuration.rb", "lib/whiny-mass-assignment/sanitizer.rb", "lib/whiny_mass_assignment.rb", "tasks/spec.rake"]
+  s.files = ["Gemfile", "Gemfile.lock", "LICENSE", "Manifest", "README.md", "Rakefile", "lib/whiny-mass-assignment.rb", "lib/whiny-mass-assignment/configuration.rb", "lib/whiny-mass-assignment/sanitizer.rb", "lib/whiny_mass_assignment.rb", "rails/init.rb", "spec/config_spec.rb", "spec/sanitizer_spec.rb", "spec/spec_helper.rb", "tasks/spec.rake", "whiny-mass-assignment.gemspec"]
+  s.homepage = %q{https://github.com/appsinyourpants/whiny-mass-assignment}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Whiny-mass-assignment", "--main", "README.md"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{whiny-mass-assignment}
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Complain loudly when protected attributes are set through mass assignment.}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+    else
+      s.add_dependency(%q<rspec>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 0"])
+  end
+end

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification 
+name: whiny-mass-assignment
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Paul Alexander
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-22 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: Complain loudly when protected attributes are set through mass assignment.
+email: paul@appsinyourpants.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.md
+- lib/whiny-mass-assignment.rb
+- lib/whiny-mass-assignment/configuration.rb
+- lib/whiny-mass-assignment/sanitizer.rb
+- lib/whiny_mass_assignment.rb
+- tasks/spec.rake
+files: 
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- Manifest
+- README.md
+- Rakefile
+- lib/whiny-mass-assignment.rb
+- lib/whiny-mass-assignment/configuration.rb
+- lib/whiny-mass-assignment/sanitizer.rb
+- lib/whiny_mass_assignment.rb
+- rails/init.rb
+- spec/config_spec.rb
+- spec/sanitizer_spec.rb
+- spec/spec_helper.rb
+- tasks/spec.rake
+- whiny-mass-assignment.gemspec
+has_rdoc: true
+homepage: https://github.com/appsinyourpants/whiny-mass-assignment
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Whiny-mass-assignment
+- --main
+- README.md
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 2
+      version: "1.2"
+requirements: []
+
+rubyforge_project: whiny-mass-assignment
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Complain loudly when protected attributes are set through mass assignment.
+test_files: []
+